Welcome to the updated Slickdeals redesign beta. Learn more and give us feedback. Or, return to the classic view.

Search in
Forum Thread
Rakuten (Buy.com) Discounts, Deals and Coupon Codes

Rakuten Buy.com Customers Getting Fraudulent Credit Card Charges

rrmoore 198 May 9, 2013 at 10:33 AM in Online Only (2) More Rakuten (Buy.com) Deals
Deal
Score
+156
245,794 Views
Get Deal

Thread Details

SD USERS REPORTING CREDIT CARD FRAUD VIA RAKUTEN SHOPPING SITE: 346

Many posts within SlickDeals have multiple threads about fraudulent credit card account transactions occurring within a few weeks of placing an order at Rakuten Buy.com. If you have been affected, please post your experience here so the magnitude of Rakuten Buy.com's apparent security breach and the impact on the affected Rakuten customers may be known. (Please save other issues, either regarding Rakuten, or other issues with credit card misuse to other posts.)

If you are one of the affected Rakuten customers, please make a post with (1) first date of the fraud transaction and (2) the most recent Rakuten.com order date (if there was one).
The most important thing however is to just be counted, if you're one of the affected customers.

RAKUTEN SHOPPING would like to hear from you directly:
*PHONE: Nick Thompson (Head of Customer Experience) 877-880-1030, ext. 2095.
*E-MAIL QUESTIONNAIRE: http://slickdeals.net/forums/showpost.php?p=60106758&postcount=622 -- Dedicated e-mail address rakuten-help@mail.rakuten.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Newspaper & Other Media Reports on this recent Rakuten/Buy.com Apparent Security Breach:

Consumer Reports The Consumerist [Jun-6-2013] -- "Here’s Everything We Know About The Rakuten/Buy.com Credit Card Breaches" -- post by 'steveliv', updated 'daniel32'
http://consumerist.com/2013/06/06/heres-everything-we-know-about-the-rakutenbuy-com-credit-card-breaches/ --and--- http://consumerist.com/2013/06/10...seriously/

New Jersey Record News [May-28-2013] -- "Bogota Police Warn Website Users of Suspicious Charges" -- posted by 'AnnoyedwithRakuten'
http://www.northjersey.com/news/B...l?page=all

Yahoo! Finance & MoneyTalksNews [Jun-6-2013] -- "Rakuten.com Customers Reporting Credit Card Fraud" -- txs 'krazyshopper'
http://finance.yahoo.com/news/rak...31825.html and http://www.moneytalksnews.com/201...ard-fraud/

Gizmodo via RakutenFraud.com [Jun-7-2013] -- "Gizmodo Announces They Will No Longer Post Rakuten Deals" -- txs to 'RakutenFraud.com'
http://rakutenfraud.com/2013/06/g...bORZRHn81I

StoreFrontBackTalk [Jun-12-2013] -- "Rakuten Breach: Live By The Web, Get Punished By The Web" -- txs to 'RakutenFraud.com'
http://storefrontbacktalk.com/sec...y-the-web/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Summary of the conclusions made by the contributors of this forum:

(1) Identity thieves obtained credit card #'s and SSN #'s from some Rakuten Customers
[Ref: News Story & NJ Police Interview http://www.northjersey.com/news/B...l?page=all -- 'AnnoyedwithRakuten']
[Ref: Additionally http://www.bergendispatch.com/art...arges.aspx]
[Ref: 'scotthall3411' Post #462, etc.]

(2) Many other users have been affected outside of the SlickDeals community
[Ref: Specialized Site Now Available: http://rakutenfraud.com/]

(3) The apparent security breach is not limited to just customers who placed orders. Several have reported credit card details were taken from their Rakuten My Account screen.
[Ref: 'Cletus81' Post #435, 'missmex1' Post #445]

(4) The apparent security breach was not at the credit card payment processing agent.
[Ref: 'mirai' Post #437]

(5) Customers using credit, debit cards and Gift Cards have been affected.
[Ref: Thread postings and external sites.]

(6) Almost 100% of all fraud reports are from customers who gave Rakuten their credit (or debit) card directly (rather than using payment gateways or other payment methods (gift cards, etc.)
[Ref: Thread postings.]

(7) Many customers were able to uniquely identify Rakuten as the source of the credit card theft.
[Ref: Many thread postings from customers using a one-time Virtual Credit Card Number, a new credit card only used at Rakuten, or a new Gift Card.]

(8) Rakuten Buy.com denies that any security breach has occurred, though they are "cooperating with police".
[Ref: News Story & NJ Police Interview http://www.northjersey.com/news/B...l?page=all -- 'AnnoyedwithRakuten']

(9) Using a Virtual Credit Card Number or Gift Cards at Rakuten may not be the best alternative.
[Ref: 'GPz1100' Post #205, Post #447, etc. Several affected customers posted their VCCN's later breach caused the credit card company to reissue a new card.]
[Ref: 'namlook' Post #449, etc. Hacker's later emptied the gift card or sold the balance on eBay.]
[Ref: 'bargainfinder09' Post #449 Must close VCCN out afterwards.]

(10) The apparent security breach still exists at Rakuten today, and a Rakuten customer order is not required to generate the subsequent CC fraud.
[Ref: 'Edxzxz' Post #583]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please scroll down to the Wiki for important messages from users
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Full Text of the News Story] New Jersey Record News [May-28-2013] -- "Bogota Police Warn Website Users of Suspicious Charges"
BY DENISA R. SUPERVILLE, STAFF WRITER // Link: http://www.northjersey.com/news/B...l?page=all

BOGOTA – "Local police are asking anyone who has used the website Rakuten.com, formerly Buy.com, to look out for suspicious charges on their credit cards." The police department started investigating three cases in which residents complained of fraudulent charges on their credit cards and has since discovered five additional victims, including one in New York City, Bogota Detective Sgt. Jonathan Misskerg said Tuesday. The single thread between the victims is that they have made purchases on Rakuten.com in the past three months, police said. The victims’ names, Social Security numbers, dates of birth and credit card information were used to open accounts at online equipment suppliers, police said.

The purchases, made at five online stores, included gas valves and warehouse time clocks and totaled around $10,000, Misskerg said. The buyer was traced to an address in Bogotá, Colombia, Misskerg said. After the items were purchased, they were sent to an Englewood company, which then shipped the items to Colombia, Misskerg said. Police declined to identify the Englewood company, saying that the owner was cooperating with authorities and that it remained unclear whether he was part of the scheme. But since investigators first spoke with the company’s owner, someone electronically deposited funds in the company owner’s account — enough to cover the cost of shipping the items to Colombia, Misskerg said. “We’ve seized the packages and additional merchandise,” Misskerg said Tuesday. “We are going to try to shut him down at this point.”

Rakuten.com, a Japan-based online retail company completed its purchase of Buy.com, a California-based online market place, in July 2010. The website was rebranded as Rakuten.com this year. A company representative said Tuesday that the company had not been contacted by the local police, but that it would cooperate with authorities. “If there is a police investigation, we are not aware of it, and we have not been contacted,” said Mark Kirschner, the company’s executive officer for global marketing, adding that the company takes such reports “very seriously.”

However, an online message board [SlickDeals.net] contains several comments from posters claiming to have used the website and complaining about fraudulent charges on their credit cards. Kirschner said the company was aware of the website and had made overtures, “without success,” to those claiming to be affected. He urged those affected to contact the company’s head of customer experience at 877-880-1030 ext. 2095. Kirschner said he was unaware of any security breach or hacking incident that could have compromised customers’ information.

If anyone suspects that he or she may be a victim of identity theft, he or she should fill out an identity theft report at ftc.gov/idtheft, police advised. After doing so, the individual should take a copy of the report to the local police department and place an initial fraud alert with all three credit bureaus. The investigation was continuing, and as of Tuesday no charges had been filed, police said.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Full Text of the News Story] Consumer Reports The Consumerist [Jun-6-2013] -- "Here’s Everything We Know About The Rakuten/Buy.com Credit Card Breaches"
By Laura Northrup // Link: http://consumerist.com/2013/06/06...-breaches/

Starting about a month ago, rumblings began on the SlickDeals forums among people who had recently made purchases from Rakuten Shopping, the new brand name of the marketplace Buy.com. The purchases made were diverse, ranging from time clocks in Colombia to newspaper subscriptions in Cleveland to plane tickets in Germany. Something is very, very wrong here: hundreds of victims from recent months have come forward on Slickdeals alone.

Rakuten Shopping is a sort of online mall: the site allows other vendors to set up their own “marketplace” stores and sell items. Users have reported fraudulent credit card transactions after purchases from a variety of marketplace vendors.

Rakuten staff reach out to complainers on Facebook and even on the deal forums, asking victims to call in order to straighten things out. If they have a solution in progress, Rakuten has not let customers know, including victims. While talking too much about it publicly might compromise the investigations, victims are unhappy that the only thing they’ve heard from the company is “call us!” to people whose cards have been breached. Apart from the threads on the subject on shopping sites, victims have started their own site, the appropriately-titled RakutenFraud.com.

If having fraudsters make purchases for up to $10,000 on your credit cards isn’t scary enough, the Newark Star-Ledger reports that some victims had new accounts opened up using personal information––their birthdates and Social Security numbers––that you don’t need to provide to Rakuten as part of a purchase. If you’re a victim, what should you do? Contact your credit card company and your local police, of course. You should also contact the merchant where your card was used: after all, they’re a victim too.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SLICKDEALS USER NAMES WHO REPORTED CREDIT CARD FRAUD AFTER A RAKUTEN ORDER
  1. rrmoore
  2. tprevett
  3. motorolaX
  4. rebutiw
  5. cpeed
  6. jastisatya
  7. rbcrewser
  8. avishah
  9. koyhbae
  10. avatar13
  11. sakdeals
  12. Udis
  13. slinson
  14. hagure
  15. Amaylin
  16. jbiz
  17. fatt1974
  18. Friend of Sonic
  19. Missiethegal
  20. bonkman
  21. Marekv
  22. chote
  23. guyver2077
  24. rarmortn
  25. jefflam79
  26. drydeniv
  27. wezlypipz
  28. shahhet2
  29. keeplow.com
  30. cindyc1122
  31. kevinca
  32. chihuahua8383
  33. small_stuff03
  34. ek9cv5
  35. jmgjj
  36. deaconx31
  37. virbla
  38. lds322
  39. vsspam
  40. dealjourney
  41. villageidiot
  42. sproqit
  43. mrstak
  44. Ichen5
  45. nitish
  46. bigboco
  47. igorjrr
  48. Argantes
  49. HJFarnsworth
  50. vapers
  51. subpar101
  52. ktatka13
  53. callsoldier83
  54. speedyg
  55. jump4deal
  56. daniel32
  57. victoras
  58. Cptobvious
  59. blueskiesnh20
  60. buyforsalemit
  61. HockeyPuck16
  62. dealinneed
  63. bigdeal5189
  64. Zelucifer
  65. jho
  66. nismo13GTiR
  67. Newnameforme
  68. Tennisjon2002
  69. killab77
  70. dogert
  71. SDRebel
  72. xthundaz
  73. Link2999
  74. guy_on_The_sofa
  75. DraftBuyer
  76. tortoise
  77. isokramer
  78. shreyasr
  79. doctaFingaz
  80. lotsalotsadeals
  81. scotthall3411
  82. 68droptop
  83. tda388
  84. azisme
  85. haggle_master
  86. wjc
  87. nyarrow
  88. DavidandDenise
  89. mustsav3
  90. aerofreaky11
  91. 68droptop
  92. yuchar168
  93. singal3
  94. ceelove
  95. Atari
  96. adanyc
  97. dirtmaster
  98. FlyingNun
  99. CBdelta
  100. sindeko
  101. rexb
  102. peteh555
  103. sumo28
  104. DMUE
  105. tortoise
  106. mirai
  107. thoror
  108. jcrash
  109. HDTiVoFan
  110. jcknows0
  111. abels
  112. Satsusi
  113. AnnoyedWithRakuten
  114. DPackMan
  115. cleaver
  116. mattsgarage
  117. nksnk
  118. wand
  119. j1huynh
  120. zetasoul
  121. highland1024
  122. Sam-Heek
  123. sightlessnet
  124. baxao1
  125. binji
  126. robinski_
  127. faiz_23
  128. gazr
  129. dealer007
  130. nikla
  131. bnizzle
  132. tarzan1234
  133. BadBrent
  134. yuchar168
  135. marlin29311
  136. xseanx
  137. kachelma
  138. psychojinx
  139. c627627
  140. snknk
  141. morpheus282
  142. coolcyber
  143. syncros123
  144. thriftyscrooge
  145. tialfred1
  146. semifast
  147. suril
  148. namlook
  149. hou1960
  150. jll544
  151. bongchoi21
  152. pjdavep
  153. dholu
  154. kskreider
  155. trencher7
  156. ohhyeeaahh
  157. oracleprogrammr
  158. KimmyKim
  159. anup_c_21
  160. theturnmaster
  161. jerry520ever
  162. supacala
  163. rite237
  164. richman
  165. singingintherain
  166. un_plug
  167. asdfghasdfgh
  168. rbv_shard
  169. NY2008
  170. nevermindvicky
  171. darkonex
  172. MonkeyChops
  173. mehrab012
  174. Badronald
  175. trueman1xfz
  176. TuncerY
  177. andychoi
  178. Chuggington
  179. drucula
  180. wquach
  181. HkB
  182. CheapBastardX10
  183. sky0102
  184. AkumaX
  185. attmci
  186. vodanh1982
  187. Tintinet
  188. k9homan
  189. diytech123
  190. kjmott
  191. mf6764
  192. thewatcher07
  193. cnewsgrp
  194. goldenone23
  195. bossusa
  196. Carkis
  197. ohhgourami
  198. cmm0325
  199. omendt
  200. ducky2802
  201. SlikRick
  202. teja9999
  203. kevvinz
  204. TP78
  205. shahnm
  206. DiabolicPumpkin
  207. blackoper
  208. gryphus
  209. mimi_mechant
  210. JoshMcMadMac
  211. bkiserx7
  212. EricW4226
  213. gimmie
  214. ghost5189
  215. sandman8288
  216. miziyuan
  217. rbreding
  218. JackDough
  219. Evenstar979
  220. Cletus81
  221. ecf
  222. bargainfinder09
  223. missmex1
  224. Chris29
  225. xiesanshao
  226. RoundSparrow
  227. bpp
  228. Krystm
  229. WhiteShadow1
  230. ilyap30
  231. bijju
  232. stingraysix
  233. santiagoanders
  234. compuguy1088
  235. photo00001
  236. Devius1
  237. parasitemite
  238. Princeton85
  239. contraium
  240. JavierH
  241. girishvk
  242. OnlyDealz
  243. elslicko
  244. Reallynotnick
  245. ieclipsie
  246. john_kc
  247. icdedppl
  248. knightracer
  249. scoutconnor
  250. silverforumsurf
  251. cazicthule
  252. mister_x
  253. produke
  254. minhquan2106
  255. FayEvelynSchlob
  256. Zechs19
  257. peterstevens
  258. TXGoat
  259. gbkims
  260. anzix
  261. pbmpharmacist
  262. Edxzxz
  263. bbf
  264. anakha
  265. vanburen0875
  266. sklar
  267. Funkorama
  268. lukeS1969
  269. twhite91
  270. vailr
  271. 1111111111
  272. SinceCCF
  273. LandonsDad
  274. ewiz77
  275. o0SlickMaster0o
  276. fvpawli
  277. kevin2011
  278. DocMo
  279. PharAway
  280. misterpooter
  281. kankri99
  282. skv
  283. mychaelp
  284. DaMostUnknown
  285. klatka13
  286. magicfame
  287. PokerKnight
  288. odysseyelite
  289. majorjohn
  290. taimeili123
  291. IlikeSD
  292. chis101
  293. amdk9
  294. chener
  295. jayhsu
  296. randalsw
  297. GottaLoveAZ
  298. BSoares
  299. fedechat
  300. DrunkenSoul
  301. turbobuick86
  302. viper87227
  303. BigChiefTaco
  304. HOO-MAN?
  305. HeavenlySkies
  306. TiredDog
  307. dipperq
  308. zaku178
  309. VirginiaBob
  310. ilya980
  311. rigamortis
  312. Genius4sho
  313. epicd2012
  314. thekedar
  315. drinkingbird
  316. djkyle65c
  317. peanut932
  318. plastik3000
  319. dersimden
  320. MarcSparks
  321. kxc262
  322. xtrabad
  323. yourownhero
  324. rebo0t
  325. ewh2002
  326. Chai
  327. finnadat
  328. MichaelM7154
  329. sleddie
  330. pood
  331. lampakky
  332. blueiegod
  333. spyderfang
  334. monster888
  335. hantidam
  336. nilmot
  337. dokiant
  338. Ashane
  339. dezenutz
  340. blazin-asian
  341. crocodile
  342. roleypoleyfoley
  343. alexboroda
  344. Ray97
  345. echostorm
  346. supercopofhongkong

890 Comments

46 47 48 49 50

Sign up for a Slickdeals account to remove this ad.

Joined Apr 2007
L5: Journeyman
285 Reputation
#706
Not sure if its tied in but earlier there was mention of that mega-credit car fraud ring. Well, here is the FBI details of that: http://www.fbi.gov/newyork/press-...e-takedown and a reddit article with what appears to be a suspect in that ring: http://www.reddit.com/r/pics/comm...ned_after/
Reply Helpful Comment? 0 0
Joined Jun 2011
L10: Grand Master
1,690 Reputation
#707
looks like my CC company knew something was off. they are replacing my card even though it does not have fraud transaction yet.

not sure if it has something to do with Rakuten but i remember removing this card from one of my Rakuten accounts after getting fraud on my other card
Reply Helpful Comment? 0 0
Joined Sep 2011
L2: Beginner
95 Reputation
#708
I want to place an order on their site for a computer to take advantage of the 20% CB for new customers, but I also don't want my card info stolen. Has anyone tried any of the eGiftcards (like the American Express, Visa prepaid, etc...) and had it work? I haven't had a Visa prepaid work online for me and don't want to be stuck with a 1k giftcard that I can only use with limited vendors. TYIA.
Reply Helpful Comment? 0 0
Joined Aug 2007
L5: Journeyman
240 Reputation
#709
Quote from Black_Five View Post :
I want to place an order on their site for a computer to take advantage of the 20% CB for new customers, but I also don't want my card info stolen. Has anyone tried any of the eGiftcards (like the American Express, Visa prepaid, etc...) and had it work? I haven't had a Visa prepaid work online for me and don't want to be stuck with a 1k giftcard that I can only use with limited vendors. TYIA.
Haven't heard of a eGiftcard.

Best answer:

1: Call Rakuten
2: Post back what they say.
Reply Helpful Comment? 0 0
Joined Jun 2011
L10: Grand Master
1,690 Reputation
#710
Quote from Black_Five View Post :
I want to place an order on their site for a computer to take advantage of the 20% CB for new customers, but I also don't want my card info stolen. Has anyone tried any of the eGiftcards (like the American Express, Visa prepaid, etc...) and had it work? I haven't had a Visa prepaid work online for me and don't want to be stuck with a 1k giftcard that I can only use with limited vendors. TYIA.
i'm not sure what you mean but rakuten does accept prepaid cards.

just make sure you use up the balance after using it at rakuten (buy amazon e-gift card using the remaining balance or something), as i've read that someone had the remaining balance of a prepaid card wiped out after using it at rakuten.
Reply Helpful Comment? 0 0
Joined Sep 2011
L2: Beginner
95 Reputation
#711
Quote from mirai View Post :
i'm not sure what you mean but rakuten does accept prepaid cards.

just make sure you use up the balance after using it at rakuten (buy amazon e-gift card using the remaining balance or something), as i've read that someone had the remaining balance of a prepaid card wiped out after using it at rakuten.
Thanks, that's good to know. Do you know know which card you used that definitely works?

Here's the Amex one:Amex eGift Card Linky [americanexpress.com]
Visa Prepaid: Visa Prepaid Linky [visa.com]
Reply Helpful Comment? 0 0
Joined May 2006
L5: Journeyman
158 Reputation
#712
you cant dispute fraud transactions on amex gc (luckily only $17) so might be better to just use a lesser used cc since frauds not your problem
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

Joined Jun 2011
L10: Grand Master
1,690 Reputation
#713
Quote from Black_Five View Post :
Thanks, that's good to know. Do you know know which card you used that definitely works?

Here's the Amex one:Amex eGift Card Linky [americanexpress.com]
Visa Prepaid: Visa Prepaid Linky [visa.com]
I believe both Amex and visa prepaid cards work.

I used Amex prepaid card I got from doing rebates a while ago on,rakuten, if I remember correctly.
Reply Helpful Comment? 0 0
Joined Apr 2006
L5: Journeyman
198 Reputation
Original Poster
#714
Quote from chis101 View Post :
06/28/2013 Pending YAHOO *WALLET $1.00
06/28/2013 Pending PAYPAL -$1.00
06/28/2013 Pending PAYPAL $1.00
06/28/2013 Pending RN * $1.00

My last use of Rakuten was 3/21/2013. Edit: Upon looking a bit more, I noticed I did use Buy.com on 6/4/2013 that went on this credit card, but it was through PayPal, so the number should have been protected from that.
Your $1.00 PayPal charges appear to be Credit Card Verification attempts by PayPal. It could be the same for Yahoo Wallet and possibly "RN". The fraud-artist appears to have setup a new PayPal Account with your credit card and PayPal is doing their traditional card test. None of those charges would ever appear on your statement since they cancel out. The only way to see them online is to expand the section on "Pending Charges". It's a great way for the fraud-artist to test a card before either selling the card number or using it for a purchase.
Reply Helpful Comment? 0 0
Joined Jun 2013
L6: Expert
109 Reputation
#715
add me to the list. I had it happen with a Japanese seller through Rakuten in Japan. It was paid for with paypal but on an account I only used for that purchase. Within the next couple of days I had a paypal charge from that credit card and I KNEW it was from that Rakuten purchase.

I jumped on the Samsung 830 deal last evening here and I swore I would never deal with Rakuten again no matter how tempting the deal was, but someone mentioned in the thread about the v.me account which is secure and hackproof for sites like Rakuten. I was intrigued and signed up for v.me but maybe my mistake was signing up while in the Rakuten site. I noticed the URL was HTTPS which is secure, but the URL was Rakuten while I was filling out my account details and credit card information for v.me. Within a minute of that order being submitted I got an instant alert from Chase.com warning me of an unauthorized charge from Rakuten for my order. I clicked that I actually placed the order, but when I went back to Rakuten it said there was a problem with my order but the payment options didn't include v.me or paypal even, THEY WANTED A CREDIT CARD #!!!!!! To me this is obvious they are blatantly wanting credit card info for more fraudulent practices. BEWARE of Rakuten!
Reply Helpful Comment? 0 0
Joined Apr 2006
L5: Journeyman
198 Reputation
Original Poster
#716
Quote from amdk9 View Post :
add me to the list. I had it happen with a Japanese seller through Rakuten in Japan. It was paid for with paypal but on an account I only used for that purchase. Within the next couple of days I had a paypal charge from that credit card and I KNEW it was from that Rakuten purchase.
We haven't been tracking fraudulent activities following purchases through Rakuten Japan as much as the Rakuten Shopping site -- though there are a few others who also had bad results in this thread. There was a publicly confirmed security breach at the Rakuten Japan site several years ago. An internal employee was charged. Is it possible there were other employees? Is it possible that Rakuten Shopping uses its financial parent in Japan to process financial transactions in the U.S., and therefore exposing the same vulnerability?

Quote from amdk9 View Post :
I jumped on the Samsung 830 deal last evening here and I swore I would never deal with Rakuten again no matter how tempting the deal was, but someone mentioned in the thread about the v.me account which is secure and hackproof for sites like Rakuten. I was intrigued and signed up for v.me but maybe my mistake was signing up while in the Rakuten site. I noticed the URL was HTTPS which is secure, but the URL was Rakuten while I was filling out my account details and credit card information for v.me. Within a minute of that order being submitted I got an instant alert from Chase.com warning me of an unauthorized charge from Rakuten for my order. I clicked that I actually placed the order, but when I went back to Rakuten it said there was a problem with my order but the payment options didn't include v.me or paypal even, THEY WANTED A CREDIT CARD #!!!!!! To me this is obvious they are blatantly wanting credit card info for more fraudulent practices. BEWARE of Rakuten!
You might be on to something significant. Although Rakuten Shopping says they passed a security audit, there are several non-standard purchase situations (simultaneously setting up a V.me, etc. etc.) that I'd be willing to bet weren't all analyzed. (There are a whole lot of order combinations.) There were several others too that received a legitimate message from Rakuten requesting another credit card number. I wonder if that is manually sent out by someone. I wonder if there's an employee that manually follows-up with those amended orders. (I would hope that all of these Q's were addressed in their security audit.)

An SD User (please let me know who so I can reference you) posted an interesting link to a LifeHacker article:
"Use Virtual Credit Card Numbers to Shop Safely Online, Keeping in Mind the Downsides" http://lifehacker.com/5831160/use...-downsides
"There was some wacky merchant who would do this weird thing where they had one merchant account that would ping Discover to verify the card, then they would use ANOTHER account to run the capture... so it would fail because Discover ties the secure number to that merchant."

A few people mentioned something similar to this LifeHacker comment occurring to them at Rakuten. I would think that 99% of the others were successful with a VCCN or we'd be hearing about it in masses.
Reply Helpful Comment? 0 0
Joined Dec 2006
L3: Novice
48 Reputation
#717
^^It wasn't me, but some many pages back, i've been suggesting folks use virtual account numbers for all their online/phone ordering.
Reply Helpful Comment? 0 0
Joined Nov 2007
L7: Teacher
529 Reputation
#718
Wow, add me to this list. Not sure why it took me so long to put 2 and 2 together. I placed an order with Buy.com on 3/12 (two different 3rd party sellers) using my AmEx and the $20 off $50 electronic promotion. On 3/28 I was alerted by AmEx that a fraudulent transaction was detected with FTD.com for $110!

And all along I thought it was the pediatrician's office billing lady stealing my info.
Reply Helpful Comment? 0 0
Joined Apr 2012
L2: Beginner
27 Reputation
#719
i am using paypal (linked with my chase credit card) to shop with rakuten about two months ago. my credit card works fine for the past 5 years. but last week, there are two unknown transactions in UK charged into my account. totally can not trust rakuten any more.
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

Joined Mar 2004
L6: Expert
431 Reputation
#720
Quote from jayhsu View Post :
i am using paypal (linked with my chase credit card) to shop with rakuten about two months ago. my credit card works fine for the past 5 years. but last week, there are two unknown transactions in UK charged into my account. totally can not trust rakuten any more.

I find the "used PayPal now my CC is defrauded" accounts highly suspect.

PayPal does not EVER share CC or other payment info with vendors. There is no reason to.

Whatever is happening at Rakuten is specific to CCs used directly with them to purchase items. If your card was defrauded it was probably unrelated.

I have used buy.com/rakuten.com in the past, always with PayPal and have never had a fraud issue with the credit cards linked to that PayPal account.

I'm beginning think this CC fraud whole thing is actually being run by the company too.... why else do they offer incredible promotions - ONLY IF you use a credit card? That would be stupid to the nth degree, of course, so I can't consider it seriously, but it does seem strange.

As an IT professional, I see several possibilities here:

1. Rakuten is complicit in the credit card theft. Not the most likely possibility, but it is a possibility.

2. Rakuten's credit card processor is compromised in some way

3. Rakuten's database server (where all the data is kept) is compromised...
3.a. Perhaps data is stored unencrypted, and the database's file is being scanned for changes, with new numbers being scrapped from the files in plain text?
3.b. The database server is fully compromised and all transaction calls are being shunted through a middle man trojan that is siphoning off the CC data when it moves around on the server

4. Rakuten's web server is compromised...
4.a. Outgoing calls to the database server are examined and CC#s scraped from the data
4.b. Even simpler, code might have been hooked into the server's web applications to scan the data and store it off someplace.

5. Rakuten's firewall hardware has been compromised, leaving all incoming data freely available to a trojan that scrapes the data.

The CC# data for thousands of customers a day is easily valuable enough for a large criminal enterprise to target Rakuten directly and write code targeting their hardware. It might not be easy to root out, but it looks like they haven't put a very good effort if their only response has been "we checked, and you are all morons" - even while major banks have started getting serious about the problem from the customers' end.
Reply Helpful Comment? 0 0
Page 48 of 60
46 47 48 49 50
Join the Conversation
Add a Comment
 
Slickdeals Price Tracker
Saving money just got easier.
Start Tracking Today
Copyright 1999 - 2015. Slickdeals, LLC. All Rights Reserved. Copyright / DMCA Notice  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)